As AI transforms both cyberattacks and defense strategies, security leaders face a pivotal year ahead. Discover how the agentic SOC, nation-state threats, and post-quantum cryptography readiness are reshaping the security landscape for 2026.
Vincent Stoffer, Field Chief Technology Officer at Corelight, shares his predictions for 2026 and what security teams should prepare for in the coming year. With nearly a decade at Corelight and a background in network and security engineering, Stoffer brings a unique perspective on where the industry is heading.
The conversation explores the emergence of the agentic SOC, where AI agents work alongside human analysts to accelerate detection, response, and incident resolution. Stoffer explains that while the protocols and tools have been in development, 2026 is the year organizations will finally see these capabilities deliver real results. The key differentiator, he notes, is data quality. Tools that provide rich, detailed, and comprehensive network evidence will thrive in this AI-enabled environment.
Stoffer also addresses the persistent threat from nation-state actors, particularly China's Typhoon campaigns targeting critical infrastructure. From energy and telecoms to international partners, these threats continue to expand with AI-powered acceleration. Understanding your environment and detecting anomalous behavior remains essential for organizations facing these sophisticated adversaries.
The discussion concludes with a look at post-quantum readiness. While quantum computing threats may be 10 to 20 years away, Stoffer emphasizes the importance of understanding cryptographic assets now. Corelight has published a white paper detailing how NDR provides the network visibility needed to locate cryptographic assets and plan migration to quantum-ready cipher suites.
This is a Brand Highlight. A Brand Highlight is an introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight
GUEST
Vincent Stoffer, Field Chief Technology Officer at Corelight
On LinkedIn: https://www.linkedin.com/in/vincent-stoffer-07057827/
RESOURCES
Learn more about Corelight: https://corelight.com
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Vincent Stoffer, Corelight, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, agentic SOC, network detection and response, NDR, critical infrastructure security, nation-state threats, China Typhoon campaigns, Salt Typhoon, Volt Typhoon, post-quantum cryptography, quantum readiness, AI in cybersecurity, security operations, incident response, network visibility, Zeek
[00:00:00] Sean Martin: And hello everybody. You're very welcome to a new brand highlight here with Vince Stoffer. Vince is the field CTO at Corelight. Thanks for joining me here, Vince.
Vince Stoffer: Hi. Thanks for having me. Nice to be here.
Sean Martin: It's good. It's good to have you on and I'm excited to hear. Here's some year predictions for 2026, as they relate to, security operations and security management and the broader, impact all that stuff is having on the business.
Give us a few words about, what Corelight's mission is, and maybe your role and experience, that contributes to what we're gonna be talking about today.
[00:01:00] Vince Stoffer: Yeah, sure. So if you haven't heard of Corelight, we are the fastest growing NDR company. We were originally based around an open source project called Zeek, which our founders created.
We now serve, broad enterprise and many of the most highly sophisticated organizations in the world. Trying to produce the best network data. And providing that to our customers so that they can speed their incident response and, security posture. I'm the field CTO currently, been with the company since the beginning, almost 10 years.
Played product roles and, came out of network and security engineering before that.
Sean Martin: And, being in the field and having your hands on, defining product. You, you get the, I think the fun part of, looking at what's coming up, right? What, what can we anticipate and what we can expect. Yeah. And, you're always thinking about that.
So what are some of the things you, you expect us to see, in the next, next year or so?
[00:02:00] Vince Stoffer: Yeah, so, a few things to talk about today. I think, maybe I'll start with kind of the agentic SOC, and where that's going. And, obviously we, we hear a lot of talk about, how AI can enable cybersecurity teams, how it's impacting cybersecurity teams in terms of automated defense, against the sort of, attacks that, you know, many adversaries are using, which are enabled by AI.
And so I think that, you know, this difference between whether attackers have the upper hand or defenders have the upper hand is, is an interesting thing to explore. But it seems like in the next year, the, the concept of the agentic SOC or the modern SOC, is that a, a, a bunch of different tools can combine together using AI agents, using people of course.
But, always trying to have a faster outcome, deal with different types of data, and pull them together
[00:03:00] in different ways to provide better context, provide better workflows to provide just acceleration of timelines, both kind of time to detection and time to respond, and time to resolve incidents.
And so I think what we've seen so far is, is a lot of talk about these tools. There's been a lot of development of the protocols themselves, MCP and A to A and all these over the past year or so. But we haven't yet seen the kind of delivery of all of that in, the ecosystem. So I, I mean, certainly some of the, the, the large SIEMs, the, the players in this space for, AI enabled, workflows are really pushing the boundaries now.
And I think we're starting to see, some of the fruits of all of that. So I think this will be the year that finally we will see, that really come to fruition. And we'll see, actual acceleration of workflows and, and speed of, resolution start to improve by using some of these, agentic tools together.
And I think in the end that
[00:04:00] is also greatly impacted by the quality of the data. The, the tools that are gonna survive and thrive in that environment are not only gonna be kind of enabled for AI and, and have their data accessible through some of those technologies, but also they're going to be rich and detailed and comprehensive in terms of what they can provide.
Because if you've got an autonomous agent, taking action and pulling in data, you want it to be the best data, it's still the same problem. If you have garbage in, you get garbage out. So we wanna make sure that those SOCs are enabled with the best data.
Sean Martin: Yeah, driven. Driven obviously by a lot of, AI enabled attacks.
And, I, I want to take, we only have a few minutes here. I want to get into some of the environments. I know a lot of, a lot of emphasis on enterprise IT. We can look at OT as a broad space. What are you thinking about, in terms of critical infrastructure?
Vince Stoffer: Yeah, critical infrastructure is a, a sweet spot for our company.
We serve a lot of big critical infrastructure providers from energy to gas,
[00:05:00] telecoms, et cetera. Something I've spent a lot of time talking about is, the attacks from China, Salt Typhoon, Volt Typhoon, Silk Typhoon. Those continue to expand and bring a real threat to all enterprises. And I think that with the acceleration that AI is providing, and we know that China is absolutely using these tools for many of its different campaigns.
That's going to continue to be a challenge for enterprises this coming year. We'll continue to see the spread internationally, not just be US focused, but continue against international partners and, companies that are operating around the world. And I think we'll continue to see that, persistence and sometimes the, the strategic positioning for future disruption.
Comes in strange ways that may, may not even understand or be able to appreciate until, that time happens. So definitely pays to be aware and understand your environment so you know when something unusual or anomalous is happening.
[00:06:00] Sean Martin: Yeah, and speaking of being prepared, it's easy to put this next, next one on the back burner post quantum readiness.
So as we wrap here, maybe your thoughts on, yeah. Post quantum and being ready for that and, and then a little, little plug for the white paper that the team at Corelight put together on this topic.
Vince Stoffer: Yeah, absolutely. So, you know, we hear a lot of interest in, protection against, quantum computing, cracking, communication algorithms, encryption algorithms.
It's something I talk to a lot of, enterprises about. And so. The first step in being prepared is understanding what kind of cryptographic assets you have in your environment so that you can make a plan, to, to migrate, to post quantum ready, cryptographic, cipher suites and communications. So, we've put together a white paper that really talks about how Corelight and something like NDR can provide the network visibility, to really understand and, be able to locate your
[00:07:00] cryptographic assets so you can find out where you are in that kind of place of migration and, and work towards being quantum ready. Now of course, this isn't coming this year. We're not gonna see Shor's algorithm broken in 2026. It could be 10 years out, 20 years out. We don't really know. But there is a lot of focus on being able to be prepared, understand, and be, agile in your cryptographic deployment and migration plans.
Sean Martin: I love it. No, no lack of things to, to, consider and be prepared for. And I'm, I'm glad you Vince and the team at Corelight are helping organizations kind of get, get their head wrapped around some of these things and be, be aware so they can start to be ready and, and prepared. Thanks so much for, sharing these predictions with us on, this brand highlight and, we look forward to more stories from Corelight soon.
Thanks, Vince.
Vince Stoffer: Thanks for having me.
[00:08:00]